Multi-mode phy-level wireless security

ABSTRACT

A method for communication includes, in a transmitter that transmits one or more data streams to respective target receivers and one or more jamming streams for preventing the data streams from being decoded by eavesdropping receivers, holding a definition of at least first and second transmission modes having respective, different first and second levels of security in preventing the data streams from being decoded by the eavesdropping receivers. One of the first and second transmission modes is selected for transmitting a data stream to a target receiver, by evaluating a selection criterion. The data stream and the jamming streams are transmitted via an antenna array using the selected transmission mode.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional PatentApplication 61/445,276, filed Feb. 22, 2011, and U.S. Provisional PatentApplication 61/487,355, filed May 18, 2011, whose disclosures areincorporated herein by reference. This application is related to a U.S.patent application entitled “PHY-Level Wireless Security” (attorneydocket no. 1169-1003.1) and to a U.S. patent application entitled“Time-Varying PHY-Level Wireless Security” (attorney docket no.1169-1003.2), filed on even date, whose disclosures are incorporatedherein by reference.

FIELD OF THE INVENTION

The present invention relates generally to communication systems, andparticularly to methods and systems for securing wireless communication.

BACKGROUND OF THE INVENTION

Some wireless communication systems apply physical-layer (PHY)mechanisms for securing transmissions from illegitimate eavesdropping.For example, U.S. Pat. No. 7,672,400, whose disclosure is incorporatedherein by reference, describes a method for secure communication in awireless network using a spatial division multiple access transmissionscheme. The method includes allocating transmission power to N channelsto be transmitted to one or more destination stations by N antennas,such that the power to be received by each one of the one or moredestination stations is not greater by more than a predefined powermargin than a minimum power required for reception at a desired qualityof service.

As another example, U.S. Pat. No. 7,751,353, whose disclosure isincorporated herein by reference, describes a method for securing awireless transmission. The method includes transmitting a noisetransmission to be received by one or more destinations other than anintended destination of a packet during a time period corresponding tothe duration of the packet.

Additional examples of secure transmission schemes are described by Goeland Negi, in “Guaranteeing Secrecy using Artificial Noise,” IEEETransactions on Wireless Communications, volume 7, no. 6, June, 2008,pages 2180-2189; and by Swindlehurst, in “Fixed SINR Solutions for theMIMO Wiretap Channel,” Proceedings of the International Conference onAcoustics, Speech and Signal Processing, Taipei, Taiwan, April, 2009,pages 2437-2440, which are incorporated herein by reference.

SUMMARY OF THE INVENTION

A method for communication includes generating one or more data streamsfor transmission to respective target receivers, and one or more jammingstreams. At least one parameter, selected from a group of parametersconsisting of power ratios for allocation to the jamming streams andModulation and Coding Schemes (MCSs) for assigning to the data streams,is calculated based on a criterion that is set to reduce a probabilityof the data streams being decoded by at least one eavesdroppingreceiver. The data streams and the jamming streams are transmitted usingan antenna array while applying the at least one parameter.

In some embodiments, calculating the at least one parameter includesrestricting selection of an MCS for a given data stream to a partialsubset of the MCSs. Restricting the selection of the MCS may includedefining the partial subset of the MCSs based on the power ratios andassumed or pre-measured channel statistics of communication channelsbetween the antenna array and the target receivers.

In an embodiment, restricting the selection of the MCS includespredefining multiple partial subsets of the MCSs corresponding torespective channel types between the antenna array and the targetreceivers, determining an actual channel type and selecting thepredefined partial subset that corresponds to the actual channel type.In another embodiment, restricting the selection of the MCS includesincluding in the partial subset only the MCSs having at least a selectedminimum data rate.

In a disclosed embodiment, calculating the at least one parameterincludes setting a power ratio of a given jamming stream at a fixedvalue. In another embodiment, calculating the at least one parameterincludes adapting the power ratios based on Channel State Information(CSI) of communication channels between the antenna array and the targetreceivers.

There is additionally provided, in accordance with an embodiment of thepresent invention, a communication apparatus including data generationcircuitry, jamming generation circuitry and transmission circuitry. Thedata generation circuitry is configured to generate one or more datastreams for transmission to respective target receivers. The jamminggeneration circuitry is configured to generate one or more jammingstreams. The control unit is configured to calculate at least oneparameter selected from a group of parameters consisting of power ratiosfor allocation to the jamming streams and Modulation and Coding Schemes(MCSs) for assigning to the data streams, based on a criterion that isset to reduce a probability of the data streams being decoded by atleast one eavesdropping receiver. The transmission circuitry isconfigured to transmit the data streams and the jamming streams using anantenna array while applying the at least one parameter.

There is also provided, in accordance with an embodiment of the presentinvention, a method for communication. The method includes generating adata transmission including multiple successive parts in respective timeintervals, for transmission to a target receiver. At least one jammingtransmission is generated, having a configuration that varies over therespective time intervals corresponding to the parts of the datatransmission, including at least first and second differentconfigurations generated during respective first and second timeintervals. The data transmission is transmitted to the target receiverusing an antenna array, and the at least one jamming transmission istransmitted simultaneously using the antenna array.

In an embodiment, generating the jamming transmission includesgenerating a first number of jamming streams during the first timeinterval, and a second number of the jamming streams, different from thefirst number, during the second time interval. In another embodiment,generating the jamming transmission includes beamforming the jammingtransmission using a first beamforming vector during the first timeinterval, and beamforming the jamming transmission using a secondbeamforming vector, different from the first beamforming vector, duringthe second time interval.

In yet another embodiment, generating the jamming transmission includesinhibiting the jamming transmission during the first time interval, andenabling the jamming transmission during the second time interval. Instill another embodiment, generating the jamming transmission includesproducing the jamming transmission at a first power level during thefirst time interval, and producing the jamming transmission at a secondpower level, different from the first power level, during the secondtime interval.

In a disclosed embodiment, generating the data transmission includesgenerating a communication packet, the first time interval includes oneor more fields other than a payload of the packet, and the second timeinterval includes the payload of the packet. In some embodiments, thefirst and second time intervals occur in respective different first andsecond communication frames, and the method includes applying in thetarget receiver a first receive beamforming vector during the first timeinterval and a second receive beamforming vector, different from thefirst receive beamforming vector, during the second time interval, so asto cause the configuration of the jamming transmission to vary over therespective time intervals.

There is further provided, in accordance with an embodiment of thepresent invention, a communication apparatus including data generationcircuitry, jamming generation circuitry and transmission circuitry. Thedata generation circuitry is configured to generate a data transmissionincluding multiple successive parts in respective time intervals, fortransmission to a target receiver. The jamming generation circuitry isconfigured to generate at least one jamming transmission having aconfiguration that varies over the respective time intervalscorresponding to the parts of the data transmission, including at leastfirst and second different configurations generated during respectivefirst and second time intervals. the transmission circuitry isconfigured to transmit the data transmission to the target receiverusing an antenna array, and to simultaneously transmit the at least onejamming transmission using the antenna array.

There is additionally provided, in accordance with an embodiment of thepresent invention, a method for communication. The method includesgenerating, for transmission from multiple transmit antennas, one ormore data streams for transmission to respective target receivers andone or more jamming streams. Respective beamforming vectors arecalculated for the jamming streams by applying QR factorization to aconjugate of an aggregate matrix of communication channels between thetransmit antennas and receive antennas of all the target receivers, toproduce a Q matrix; extracting a subset of columns of the Q matrix toserve as a basis for a vector subspace that is orthogonal to theaggregate matrix of the communication channels; and calculating thebeamforming vectors for the jamming streams from the basis. The jammingstreams are beam-formed using the calculated beamforming vectors. Thedata streams are transmitted to the target receivers using the multipletransmit antennas, and the jamming streams are simultaneouslytransmitted using the multiple transmit antennas.

In some embodiments, extracting the subset of the columns includesextracting last N-N_(U) columns of the Q matrix, N denoting a totalnumber of the transmit antennas, and N_(U) denoting a total number ofthe receive antennas of all the target receivers. In an embodiment, theaggregate matrix of communication channels is replaced by a matrixobtained from one or more Singular Value Decompositions (SVD) ofmatrices of the communication channels, which are produced by the targetreceivers.

There is also provided, in accordance with an embodiment of the presentinvention, a communication apparatus including data generationcircuitry, jamming generation circuitry and a control unit. The datageneration circuitry is configured to generate one or more data streamsfor transmission to respective target receivers from multiple transmitantennas. The jamming generation circuitry is configured to generate oneor more jamming streams. The control unit is configured to calculaterespective beamforming vectors for the jamming streams by applying QRfactorization to a conjugate of an aggregate matrix of communicationchannels between the transmit antennas and receive antennas of all thetarget receivers to produce a Q matrix, extracting a subset of columnsof the Q matrix to serve as a basis for a vector subspace that isorthogonal to the aggregate matrix of the communication channels, andcalculating the beamforming vectors for the jamming streams from thebasis. The transmission circuitry is configured to beam-form the jammingstreams using the calculated beamforming vectors, to transmit the datastreams to the target receivers using the multiple transmit antennas,and to simultaneously transmit the jamming streams using the multipletransmit antennas.

There is further provided, in accordance with an embodiment of thepresent invention, a method for communication. The method includesreceiving uplink signals from one or more communication stations.Responses of downlink communication channels to the communicationstations are estimated based on the received uplink signals. One or moredata streams for transmission using an antenna array to thecommunication stations and one or more jamming streams for transmissionusing the antenna array are configured based on the estimated downlinkcommunication channels. The configured data streams and jamming streamsare transmitted.

In some embodiments, the method includes instructing the communicationstations to transmit training signals that provide channel informationrelating to communication channels to all receive antennas of thecommunication stations. In some embodiments, the method includesinstructing a communication station to disable one or more receivechains in the communication station.

There is additionally provided, in accordance with an embodiment of thepresent invention, a communication apparatus including a control unitand transmission circuitry. The control unit is configured to estimate,based on uplink signals that are received from one or more communicationstations, responses of downlink communication channels to thecommunication stations, and to configure, based on the estimateddownlink communication channels, one or more data streams fortransmission using an antenna array to the communication stations andone or more jamming streams for transmission using the antenna array.The transmission circuitry is configured to transmit the data streamsand jamming streams.

There is further provided, in accordance with an embodiment of thepresent invention, a method for communication in a transmitter thattransmits one or more data streams to respective target receivers andone or more jamming streams for preventing the data streams from beingdecoded by eavesdropping receivers. The method includes holding adefinition of at least first and second transmission modes havingrespective, different first and second levels of security in preventingthe data streams from being decoded by the eavesdropping receivers. Oneof the first and second transmission modes is selected for transmittinga data stream to a target receiver, by evaluating a selection criterion.The data stream and the jamming streams are transmitted via an antennaarray using the selected transmission mode.

In some embodiments, transmitting the data stream using the firsttransmission mode includes transmitting at least one jamming streamsimultaneously with the data stream, and transmitting the data streamusing the second transmission mode includes transmitting the data streamwhile inhibiting transmission of the jamming streams. In someembodiments, selecting the transmission mode includes selecting a datarate for the data stream using a first rule, and transmitting the datastream using the second transmission mode includes selecting the datarate using a second rule, different from the first rule.

In an embodiment, transmitting the data stream using the firsttransmission mode includes transmitting channel sounding signals atfirst time intervals, and transmitting the data stream using the secondtransmission mode includes transmitting the channel sounding signals atsecond time intervals, more frequent than the first intervals. Inanother embodiment, selecting the transmission mode includes instructingthe target receiver to respond to sounding requests prior to associationwith any transmitter while operating in the first transmission mode, andto respond to sounding requests only after the association whileoperating in the second transmission mode.

In yet another embodiment, evaluating the selection criterion includeschoosing between the first and second transmission mode depending on aService Set ID (SSID) with which the target receiver is associated. Instill another embodiment, transmitting the data stream using the firsttransmission mode includes transmitting a jamming stream during a firstsubset of frames of the data stream, and transmitting the data streamusing the second transmission mode includes transmitting the jammingstream during a second subset of the frames of the data stream,different from the first subset. In an embodiment, selecting thetransmission mode includes receiving a request from the target receiverto select the one of the first and second transmission modes, andchoosing the transmission mode in response to the request.

In a disclosed embodiment, selecting the transmission mode includesinstructing the target receiver to disable one or more receive chains inthe target receiver when operating in the first transmission mode, andto enable the one or more receive chains when operating in the secondtransmission mode. In another embodiment, selecting the transmissionmode includes instructing the target receiver to transmit, whenoperating in the first transmission mode, channel feedback that isindicative of all receive antennas of the target receiver.

In yet another embodiment, selecting the transmission mode includesextracting from the data stream a tag that indicates a requestedtransmission mode, and selecting the transmission mode responsively tothe tag. In still another embodiment, selecting the transmission modeincludes detecting an exchange of Request-To-Send/Clear-To-Send(RTS/CTS) messages that precedes the data stream, from which an identityof a target receiver intended to receive the data stream isrecognizable, and initiating the transmission mode based on the detectedRTS/CTS messages.

There is further provided, in accordance with an embodiment of thepresent invention, a communication apparatus including transmissioncircuitry and a control unit. The transmission circuitry is configuredto transmit data streams to target receivers and jamming streams forpreventing the data streams from being decoded by eavesdroppingreceivers. the a control unit is configured to hold a definition of atleast first and second transmission modes having respective, differentfirst and second levels of security in preventing the data streams frombeing decoded by the eavesdropping receivers, to select one of the firstand second transmission modes for transmitting a data stream to a targetreceiver by evaluating a selection criterion, and to control thetransmission circuitry to transmit the data stream and the jammingstreams via an antenna array using the selected transmission mode.

The present invention will be more fully understood from the followingdetailed description of the embodiments thereof, taken together with thedrawings in which:

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram that schematically illustrates a wirelesscommunication system that uses physical-layer security, in accordancewith an embodiment of the present invention;

FIG. 2 is a block diagram that schematically illustrates a transmitterof a wireless Access Point

(AP), in accordance with an embodiment of the present invention;

FIG. 3 is a block diagram that schematically illustrates a wirelesscommunication system that uses physical-layer security, in accordancewith an alternative embodiment of the present invention; and

FIGS. 4-10 are flow charts that schematically illustrate methods forphysical-layer security, in accordance with embodiments of the presentinvention.

DETAILED DESCRIPTION OF EMBODIMENTS Overview

Embodiments of the present invention that are described herein provideimproved methods and systems for physical-layer security. The disclosedtechniques are used in a communication system in which one or moretransmitters transmit data streams to legitimate receivers, e.g., usingbeamforming, and apply means for protecting the data streams from beingdecoded by at least one eavesdropping receivers. The embodimentsdescribed herein refer to beam-formed data streams that are transmittedto the legitimate receivers, but the disclosed techniques are alsoapplicable in schemes that transmit the data streams to the legitimatereceivers without beamforming.

In order to protect against eavesdropping, the transmitters transmit oneor more jamming streams, which are beam-formed so as to degrade thereception quality of the data streams at an eavesdropping receiver withlittle or no degradation at the legitimate receivers. Typically, noassumptions are made as to the location or properties of theeavesdropping receiver. The jamming streams may be transmitted by thesame transmitter that transmits the data streams, or by a separatedevice referred to as a sentinel.

Some disclosed embodiments provide techniques for adaptively selectingthe fraction of transmit power allocated to the jamming streams, and/orthe Modulation and Coding Scheme (MCS) to be used for transmitting thedata stream, so as to maintain optimal security. Other disclosedembodiments use different jamming stream configurations, e.g., modifythe number of jamming streams or their beamforming vectors, fordifferent parts of the data stream. Other disclosed techniques computethe beamforming vectors for the jamming streams by performing QRfactorization of the aggregate channel matrix between the transmitterantennas and all legitimate receiver antennas.

In some embodiments, the transmitters configure the data streams andjamming streams based on implicit channel feedback. In these schemes,the transmitters assume that the uplink and downlink channels arereciprocal, and estimate the channels from uplink signals transmitted bythe legitimate receivers. These schemes provide a high degree ofsecurity, relative to schemes in which the receivers send to thetransmitters channel feedback that can be intercepted and exploited bythe eavesdropping receiver.

In other disclosed embodiments, the transmitters choose between multipletransmission modes that provide different levels of security inpreventing decoding of data streams by eavesdropping receivers. Severalexample transmission modes and selection criteria are described herein.Mode selection may be decided by the transmitters or by the legitimatereceivers. In some embodiments, the receivers are configured differentlyin each transmission mode.

The methods and systems described herein improve the effectiveness ofphysical-layer security. At the same time, the disclosed techniquesreduce the performance degradation and communication overhead that isassociated with transmission of jamming streams.

System Description

FIG. 1 is a block diagram that schematically illustrates a wirelesscommunication system 20 that uses physical-layer security, in accordancewith an embodiment of the present invention. In the present example,system 20 comprises a Wireless Local Area Network (WLAN) that operatesin accordance with IEEE Standard 802.11n, entitled “IEEE Standard forInformation Technology—Telecommunications and Information Exchangebetween Systems—Local and Metropolitan Area Networks—SpecificRequirements; Part 11: Wireless LAN Medium Access Control (MAC) andPhysical Layer (PHY) Specifications; Amendment 5: Enhancements forHigher Throughput,” October, 2009, which is incorporated herein byreference. In alternative embodiments, however, system 20 may operate inaccordance with any other suitable communication standard or protocol.

System 20 comprises an Access Point (AP) 24, which communicates with oneor more stations (STA) 28. System applies PHY-level security techniques,which are described in detail below, to prevent transmissions of AP 24from being illegitimately decoded by an eavesdropping receiver 32.Receiver 32 is referred to herein as “eavesdropper” for brevity. Thefigure shows a single AP, a single STA and a single eavesdropper for thesake of clarity. Real-life systems, however, typically comprise multipleAPs 24 and multiple STAs 28, and may be subject to eavesdropping bymultiple eavesdroppers 32. STAs 28, to which the data streams areaddressed by the AP, are also referred to as legitimate STAs, legitimatereceivers or target receivers.

AP 24 comprises multiple antennas 34. Antennas 34 are sometimes referredto as a beamforming array, although the beamforming operation istypically performed on the signals that are provided to the antennas.The AP typically transmits one or more beam-formed data transmissions,referred to as data streams, on directional transmission beams that aredirected toward the STAs intended to receive the data streams.

In order to transmit a data stream to a given STA, the AP generates thesignal to be transmitted, and transmits the signal simultaneously viamultiple antennas 34 while applying a respective (complex) weight toeach antenna. The set of weights, referred to as a beamforming vector,is selected so as to produce a directional beam that is directed towardthe given STA. In the present example, AP 24 transmits a data stream toSTA 28 using a beamforming vector that produces a beam 36.

In many practical scenarios, as in the example of FIG. 1, eavesdropper32 is positioned at a location that enables it to receive beam 36 withsufficient Signal to Noise Ratio (SNR) so as to decode the data streamsuccessfully. In order to secure the data stream, AP 24 uses the arrayof antennas 34 to transmit an additional beam-formed stream, referred toas a jamming stream. The jamming stream is transmitted with appropriatepower and beamforming vector, which are set so as to (i) degrade the SNRat which eavesdropper 32 receives the data stream, and (ii) cause littleor no SNR degradation at STA 28.

In the present context, the terms “jamming stream” and “jammingtransmission” are used to describe any transmission that is not intendedto convey useful data to any receiver, but rather to degrade thereception quality (e.g., SNR) at potential eavesdropping receivers. Theterms SNR and Signal to Interference and Noise Ratio—SINR—are usedinterchangeably unless noted otherwise. Both terms refer to the powerratio between the data stream in question and the remaining signal andnoise components, e.g., other data streams, jamming streams, and noise.

In the present example, the jamming stream is transmitted on a beam 40.As can be seen in the figure, the beamforming vector used for thejamming stream causes a spatial null in a direction 44 from AP 24 to STA28, meaning that STA 28 will receive the jamming stream at a low powerlevel that will cause little or no degradation to the decoding of thedata stream carried on beam 36. Eavesdropper 32, on the other hand, islocated at a direction 48 from the AP. Therefore, the eavesdropper willreceive the jamming stream (beam 40) at a relatively high power level,which is comparable with that of the data stream (beam 36). As a result,the SNR of the data stream at eavesdropper 32 is poor, and there is highlikelihood that the eavesdropper will fail to decode it.

In some embodiments, the jamming stream comprises a random orpseudorandom, noise-like signal. In other embodiments, the jammingstream comprises a sequence of modulated symbols that are selected atrandom from some symbol constellation, e.g., the same constellation usedfor modulating the data streams. In other embodiments, the jammingstream comprises a sequence of modulated symbols that are selected froma symbol constellation by Forward Error Correction Code (FEC) encodingand modulation of random bits. Further alternatively, the jamming streammay comprise any other suitable signal type.

FIG. 1 shows only a single data stream and a single jamming stream, forthe sake of clarity. In alternative embodiments, AP 24 may transmit anydesired number of data streams and any desired number of jamming streamssimultaneously. Further alternatively, the jamming streams may betransmitted by a transmitter other than AP 24. An embodiment of thissort is shown in FIG. 3 further below. Additional aspects of securetransmission schemes using jamming streams are addressed in U.S. Pat.Nos. 7,672,400 and 7,751,353, cited above.

FIG. 2 is a block diagram that schematically illustrates a transmitter50 of AP 24, in accordance with an embodiment of the present invention.Transmitter 50 generates a total of four streams—Two data streams andtwo jamming streams. In the present example, data for transmission isscrambled by a scrambler 54. An encoder parser 58 parses the scrambleddata into blocks, and each block is encoded with a FEC by a FEC encoder62.

A stream parser 66 parses the encoded data into two data streams. Eachdata stream is interleaved by a respective interleaver 70, and eachinterleaved data stream is mapped onto a sequence of modulated symbolsby a respective constellation mapper 74. In the present example, aCyclic Shift Diversity (CSD) module 78 applies CSD to a given datastream, i.e., spreads the signal with different cyclic shifts acrossmultiple streams. A spatial mapping unit 82 maps each data stream ontothe multiple antennas while applying the appropriate beamforming vectorto the data stream. In the present example transmitter 50 comprises fourtransmit antennas.

In the embodiment of FIG. 2, transmitter 50 comprises two jamming streamgenerators 86, which generate two respective jamming streams. Spatialmapping unit 82 applies suitable beamforming vectors to the jammingstreams, in a similar manner to the mapping of the data streams. Thus,unit 82 produces four outputs corresponding to four transmit antennas.Each output of unit 82 comprises a stream of samples made-up of weightedcomponents of each of the two data streams and each of the two jammingstreams, in accordance with the beamforming vectors set for the streams.

Each output of unit 82 is processed by a respective Inverse DiscreteFourier Transform (IDFT) module 90 that applies IDFT to the samplestream. A respective Guard Interval (GI) and Windowing module 94 insertsa GI into the sample stream and filters the stream with a suitablewindow function. A respective analog&RF module 98 converts the samplestream into an analog signal, up-converts the analog signal to RF,amplifies the RF signal and transmits the RF signal via the respectivetransmit antenna.

In the example of FIG. 2, the data streams comprise Orthogonal FrequencyDivision Multiplex (OFDM) signals that are multiplexed in the frequencydomain. Note that, even in an OFDM-based system, addition of the jammingstreams may alternatively be performed in the time domain. In suchimplementation, the coefficients of each beamforming vector of eachinterfering stream are, in general, Infinite Impulse Response (IIR)filters (i.e., complex rational functions in one variable D) instead ofplain complex numbers.

In the embodiment of FIG. 2, transmitter 50 comprises a control unit 96,which configures transmission parameters of the data streams and/orjamming streams, using techniques that are described below. For example,unit 96 may set parameters such as the fractions of transmit power to beallocated to the jamming streams, the Modulation and Coding Schemes(MCSs) to be assigned to the data streams, and/or any other suitabletransmission parameter.

In some of the embodiments described below, jamming stream generators 86are referred to a jamming generation circuitry that generates thejamming streams, elements 54-78 are referred to as data generationcircuitry that generates the data streams, and the remaining elements oftransmitter 50 are referred to as transmission circuitry that transmitsthe data streams and the jamming streams.

FIG. 3 is a block diagram that schematically illustrates a wirelesscommunication system 99 that uses physical-layer security, in accordancewith an alternative embodiment of the present invention. In system 99,unlike system 20 of FIG. 1 above, the jamming streams are produced by asentinel transmitter 100-A unit that is separate from AP 24. In theexample of FIG. 3, sentinel 100 transmits a jamming stream on a beam104. The beamforming vector selected by sentinel device 100 causes beam104 to be directed in a direction 108 of eavesdropper 32, and to have aspatial null in a direction 112 of STA 28. Additional aspects ofsentinel 100 are addressed in U.S. Pat. No. 7,751,353, cited above.

In this embodiment, the functionality of control unit 96 may be embodiedin sentinel 100, in AP 24 or it may be partitioned between the AP andthe sentinel in any suitable way.

Generally, the number of legitimate STAs 28 is denoted K (typically K=1,but not necessarily). Each legitimate STA may comprise a single receiveantenna or multiple receive antennas. AP 24 and/or sentinel device 100produces and transmits one or more data streams and one or more jammingstreams so that the legitimate STAs are able to decode the data streamsbut eavesdropper 32 is unable to decode them, with high likelihood.Although the description that follows refers to jamming streamstransmitted by AP 24, for the sake of clarity, at least some of thedisclosed techniques are similarly applicable to jamming streamstransmitted by sentinel device 100.

Let N denote the number of transmit antennas of AP 24, and let n_(k)denote the number of receive antennas of the k^(th) legitimate STA(kε{1, . . . , K}). The total number of receive antennas of alllegitimate STAs is denoted N_(U)≡Σ_(k=1) ^(K)n_(k). In a typicalapplication, although not necessarily, N_(U)<N. The number of jammingstreams is denoted N_(D), where typically N_(D)≦N−N_(U).

Typically although not necessarily, AP 24 selects the beamformingvectors applied to the jamming streams to be (at least approximately)orthogonal to the rows of the channel matrix between AP 24 and allreceive antennas of all legitimate STAs. (Alternatively, the beamformingvectors applied to the jamming streams are chosen to be approximatelyorthogonal to the rows of the effective channel matrix, which considersthe channels after receive-side beamforming in the legitimate STAs. Inthe present context, the terms “communication channel” and “channelmatrix” refer to either the physical channel or to the effectivechannel, as appropriate.)

Formally—Let H_(k)εC^(n) ^(k) ^(×N) denote the channel matrix betweenthe AP and the k^(th) legitimate STA, and let H_(U)≡(H₁ ^(T)| . . .|H_(K) ^(T))^(T)εC^(N) ^(U) ^(×N) denote the overall channel matrixbetween the AP and all the legitimate STAs, wherein ( )^(T) denotesmatrix transposition. The beamforming matrix B_(D)εC^(N×N) ^(D) of thejamming streams is typically constrained to satisfy the conditionH_(U)B_(D)≈0. Note, however, that generally the disclosed techniques arein no way limited to jamming streams whose beamforming vectors areorthogonal to the physical or effective channels of the data streams.

The system and transmitter configurations shown in FIGS. 1-3 are exampleconfigurations, which are chosen purely for the sake of conceptualclarity. In alternative embodiments, any other suitable system ortransmitter configuration can also be used. Some system or transmitterelements may be implemented in hardware, e.g., in one or moreApplication-Specific Integrated Circuits (ASICs) or Field-ProgrammableGate Arrays (FPGAs). Additionally or alternatively, some system ortransmitter elements can be implemented using software, or using acombination of hardware and software elements.

Some of the functions of the AP or the sentinel device, e.g., thefunctions of control unit 96, may be carried out using a general-purposeprocessor, which is programmed in software to carry out the functionsdescribed herein. The software may be downloaded to the processor inelectronic form, over a network, for example, or it may, alternativelyor additionally, be provided and/or stored on non-transitory tangiblemedia, such as magnetic, optical, or electronic memory.

Power Fraction and MCS Selection

In some embodiments, control unit 96 in AP 24 controls the SNRs at whichthe data streams are received by legitimate STAs 28 and affects the SNRsat which the data streams are received by eavesdropper 32, bycontrolling the power fraction allocated to the jamming streams, and/orthe Modulation and Coding Scheme (MCS) assigned to the data streams. Theadaptation of the power fraction and/or MCS is performed based on somecriterion that is set to reduce the probability of the data streamsbeing decoded by eavesdropper 32, while enabling successful decoding ofthe data streams by the legitimate target STAs.

In the following description, αε(0,1) denotes the fraction of theoverall transmit power P (summed over all the data streams and thejamming streams) that is allocated to the jamming streams. Generally,increasing α improves the level of security at the expense of reducedsignal strength at the legitimate STAs, and vice versa.

In some embodiments, AP 24 transmits each data stream using a certainMCS that is selected from a set of possible MCSs. Each MCS defines arespective combination of modulation and FEC code, and therefore arespective data rate. In the present context, the term “higher MCS”means an MCS having a higher data rate (and hence higher ordermodulation, higher coding rate and/or higher number of data streams).Similarly, the term “lower MCS” means an MCS having a lower data rate(and hence lower order modulation, lower coding rate and/or smallernumber of data streams). For a given decoding performance (e.g., errorrate or error probability), higher MCSs typically require higher SNR,and vice versa.

In some embodiments, AP 24 sets the power fraction a at some fixedvalue, e.g., α=0.5, and restricts the MCS used for transmitting a datastream to a particular legitimate STA to a partial subset of thepossible MCSs. In accordance with an example criterion, the AP definesthe partial subset of MCSs such that, given α, the eavesdropper isexpected with high probability to fail in decoding the data stream.Typically, the partial subset of MCSs is defined as the MCSs whose datarate is above a certain value (or whose index is above some minimumindex, assuming the MCSs are numbered with indices that correspond tothe respective data rates). This criterion restricts the choice of MCSsto those that require at least a certain SNR. With proper restriction ofthe MCSs, security is assured with high probability for any user thatcan support at least the lowest MCS in the allowed subset.

Consider, for example, K=1, i.e., a single data stream transmitted to asingle legitimate STA. Since α is known, the power fraction left for thedata stream is known, and the level of interference caused by thejamming stream to the legitimate STA (e.g., ≅0) is also known. Thisinformation is typically sufficient for finding the highest MCS thatwill still enable successful decoding by the legitimate STA. In someembodiments, AP 24 chooses the MCS for the data stream in question to bebelow this highest MCS, as long as the chosen MCS is in the partialsubset described above. If the highest MCS is not in the partial subset,then the AP can in some embodiments declare that secure transmission isnot possible for the legitimate STA and avoids transmission until theSTA has channel conditions allowing the use of some MCS in the allowedsubset.

AP 24 may define the partial subset of MCSs for a given data stream,e.g., set the minimum allowed MCS index, in any suitable way. In anexample embodiment, AP 24 has no information on the channel to theeavesdropper. In this example the AP regards the channel to theeavesdropper as random, drawn according to some statistical distributiondepending on the propagation channel. Consequently, the SNR (denoted γ)of the data stream at the eavesdropper is also random, and thestatistics of γ are determined by α.

Each single-stream MCS is associated with a respective threshold SNRdenoted γ_(TH) ^(MCS), such that if γ≧γ_(TH) ^(MCS), the error rate(e.g., Packet Error Rate—PER) at the eavesdropper is below the minimumPER that is considered adequate for security. In an embodiment, AP 24restricts the choice of MCS for a given data stream to the partialsubset of MCSs for which γ is likely to be below γ_(TH) ^(MCS). The APmay assume a certain channel model for this purpose, and set theCumulative Distribution Function (CDF) of γ for this channel model. (TheCDF of γ is typically calculated off-line using some assumed or measuredchannel model, e.g., by an external computer, and provided to the AP.)The AP may find the minimum MCS index i₀ for which the probability ofhaving γ≧γ_(TH) ^(MCS) is sufficiently low, e.g., below some probabilitythreshold. The AP then defines the partial subset of MCSs as the MCSswhose indices are i₀ or higher (higher indices correspond to higher MCS,and vice versa, in accordance with the definition above).

In alternative embodiments, AP 24 may define the partial subset of MCSs(e.g., define i₀) in any other suitable manner, not necessarily assumingany channel model or SNR calculation. For example, the minimum MCS indexmay be found in advance, e.g., using laboratory experimentation. Anexample laboratory experiment may include an AP and a user STA placed ina typical environment, and a potential eavesdropper that is movedbetween different locations in this environment. The AP transmits to theuser STA using various MCSs. In each eavesdropper location, the maximumMCS decodable by the eavesdropper is recorded. The experiment can berepeated for different AP and STA locations.

In another embodiment, an ad-hoc minimum MCS index is defined. Forexample, if the application using the data stream is likely to requiresome minimum MCS index i₁ for proper operation (e.g., the applicationmay request a desired throughput at a certain Quality-of-Service gradecorresponding to i₁), AP 24 may use this MCS index and set i₀≡i₁.

As yet another example, if it is known in advance that the channel fromthe AP to the legitimate STAs at any point in time is one of severalpossible propagation channel types, then it is possible to prepareseveral values of i₀ in advance, one for each channel type. Duringoperation, AP 24 may assess the current channel and choose the i₀ valuecorresponding to the current channel type. The AP may assess the channelbased on, for example, the learned channel matrix or a function of thematrix, measured or assumed SNR, PER or any other suitable measure ofthe channel.

FIG. 4 is a flow chart that schematically illustrates a method forphysical-layer security, in accordance with an embodiment of the presentinvention. The method begins with AP 24 defining a power fraction a ofthe total transmitted power P that is allocated to jamming streams, at apower ratio definition step 120.

AP 24 defines, based on α, a partial subset of the possible MCSs fortransmitting the data streams to its intended legitimate STA, at asubset definition step 124. The partial subset of MCSs is defined so asto include only MCSs that are expected to be un-decodable by theeavesdropper. The AP may define the partial subset of MCSs using themethods described above, for example. The AP transmits the jammingstreams using the power fraction α, and the data streams using an MCSselected from the respective partial subset of MCSs.

In some embodiments, unit 96 in AP 24 modifies the power fraction αallocated to the jamming streams based on the channel type between theAP and the legitimate STAs. In accordance with an example criterion,based on the Channel State Information (CSI) for the channels betweenthe AP and the legitimate STAs, AP 24 chooses α such that (i) the SNR ateavesdropper 32 will prevent successful decoding of the data streamswith high probability but (ii) the SNR at the legitimate STA will enablesuccessful decoding.

FIG. 5 is a flow chart that schematically illustrates a method forphysical-layer security, in accordance with an embodiment of the presentinvention. The method begins with AP 24 estimating the CSI for thechannels to the legitimate STAs, at a CSI estimation step 130. The APallocates the power fraction a for the jamming streams based on theestimated CSI, at an α allocation step 134. The AP transmits the datastreams and the jamming streams at the respective power levels accordingto the allocated α, at a transmission step 138.

In some embodiments, AP 24 chooses a based on the SINR that the datastreams would have, if they were allocated all the transmit power P(that is, if α were set to zero). Consider, for example, the case of asingle legitimate STA (i.e., K=1) and a single data stream. Based on theassumed model of the propagation channel from AP 24 to this STA, the APmay store the CDF of γ=γ(a) for several values of α and in memory.(Typically, the CDFs are calculated off-line, e.g., by an externalcomputer, and provided to the AP.) During operation, the AP can use itsknowledge of the actual channel towards the legitimate STA to calculateg(0), the SNR (this time assuming no interference from the jammingstream) at the legitimate STA, assuming α=0.

Assume, in this example, that the beamforming vectors of the jammingstreams are orthogonal to the channel of the legitimate STA, so that theSTA is not subject to interference. In this case, the SINR at thelegitimate STA for α>0, denoted g(α), is equal to the SNR and is givenby (1−α)·g(0). Based on the stored CDFs of γ(α), AP 24 may find the CDFsof γ(α)/g(α), e.g., by a simple re-scaling of the x-axis.

Then, the AP may choose the value of α for which γ(α)/g(α) is below somethreshold t with a sufficiently high probability p (e.g., p=0.95). Thethreshold t is typically set small enough to ensure that γ(α) is too lowfor successful decoding of the highest-rate MCS selected based on g(α).For example, for the set of MCSs defined in the IEEE 802.11n standard,cited above, t may be set between approximately −5 dB and −3 dB (thesenumbers are approximately the largest threshold difference between twoconsecutive MCSs), i.e., between approximately 0.3 and 0.5 in linearunits.

The example above makes an implicit assumption that the rate selectionscheme for the legitimate STA attempts to select the MCS having thehighest possible rate. After α is fixed, AP 24 may find a concrete valuefor g(α), and consequently choose a rate for the legitimate STA. Notethat in the current example, where α is chosen dynamically based on theSINR of the data streams, there is typically no limitation on theminimum allowed MCS.

In summary, the above-described example process of setting α and MCS,which is carried out by AP 24 based on the estimated CSI, comprises thefollowing steps:

Offline:

-   -   Find and store the CDFs of the α-dependent SINR of the data        streams at the eavesdropper side, γ(α), for several values of        the power fraction a allocated to the jamming streams.    -   Choose the desired SINR threshold t, and the desired probability        p for the SINR to be below t.

During operation:

-   -   Find g(0), the interference-free SNR at the legitimate STA        assuming α=0, for example based on the known channel towards the        legitimate STA.    -   Using the stored CDFs of γ(α), find α₀, the lowest value of α        for which the probability that γ(α)≦t·(1−α)·g (0) is at least p.        Set α to be equal to α₀.    -   After choosing α, the SNR γ(α) at the legitimate STA is known to        be α·g(0). Choose the highest-rate MCS for which the data stream        is decodable at this known SNR.

After carrying out these steps, AP 24 may begin transmission of the datastream and jamming stream.

The example above refers to a single data stream, for the sake ofclarity. In alternative embodiments, this technique can be generalizedin a straightforward manner to multiple data streams. In cases whereseveral data streams are transmitted, one effective SNR is typicallyused for representing them. Effective SNR may be used in variousscenarios that involve multiple data streams, such as for a multi-streamMCS. In such cases, a histogram of an effective γ can be used instead ofa histogram of γ. Effective SNRs that can be used for this purpose aredescribed, for example, by Tsai and Song, in “Effective-SNR Mapping forModeling Frame Error Rates in Multiple-State Channels,”3GPP2-C30-20030429-010, Apr. 29, 2003, which is incorporated herein byreference.

Modifying Jamming Streams During Transmission

In some embodiments, AP 24 modifies the jamming stream configurationduring a given data transmission that is transmitted on a data stream.(The description that follows refers to AP 24 for the sake of clarity.In alternative embodiments, the disclosed techniques may be carried outby sentinel 100.)

For example, a given data transmission (e.g., packet) may comprisemultiple successive parts that are transmitted in respective timeintervals. The AP may set the (one or more) jamming streams to differentconfigurations during different parts of the data transmission. Thisfeature provides an additional degree of trade-off between security anddata throughput for the legitimate STA.

In an example embodiment, a packet comprises a synchronization sequence,a training sequence used for channel estimation, a part that defines thesignal parameters (e.g., MCS) and a payload that carries the packetdata. Packets in IEEE 802.11n and IEEE 802.11ac systems, for example,comprise training sequences that are referred to as Short trainingFields (STFs) and Long Training Fields (LTFs). The packet part thatdefines the signal parameters is referred to as a SIGNAL field in IEEE802.11n and IEEE 802.11ac systems. Generally, however, a packet or otherdata transmission may comprise any suitable number of parts of anysuitable kind.

AP 24 may modify any suitable characteristic of the jamming streams fromone part of the data transmission to another, and any such modificationis regarded herein as a different jamming stream configuration. Forexample, the AP may modify the number of jamming streams that aretransmitted during different parts of the data transmission. Inparticular, the AP may switch off the jamming streams during one or moreparts of the data transmission, and switch on one or more jammingstreams during one or more other parts.

When the data transmission comprises a communication packet, forexample, the AP may transmit one jamming stream configuration during thepacket payload, and another jamming stream configuration during packetparts other than the payload.

For IEEE 802.11n or IEEE 802.11ac packets, for example, the AP maytransmit jamming streams only during the packet payload transmission,only during transmission of the payload and training sequence, or onlyduring transmission of the payload, the training sequence and thesynchronization sequence. In another example, the AP may transmitjamming streams only during the payload and the packet part used forindicating the signal parameters. Further alternatively, the AP mayapply jamming selectively during any other suitable subset of the packetparts.

In alternative embodiments, the AP transmits different numbers ofjamming streams during different respective parts of the datatransmission. Additionally or alternatively, the AP steers the jammingstreams using different beamforming vectors during different respectiveparts of the data transmission.

Consider, for example, an IEEE 802.11n or IEEE 802.11ac embodiment inwhich the beamforming vectors of the jamming streams are selected tocause substantially no interference at the legitimate STAs. In thisembodiment, the AP may configure the jamming streams differently duringLTF transmission and during payload transmission. During LTFs, the STAstypically do not yet have sufficient information for performingreceive-side beamforming. Therefore, the jamming stream beamformingvectors should be orthogonal to the channels of all receive antennas ofall legitimate STAs. During payload transmission, on the other hand, theSTAs typically apply receive-side beamforming, and the jamming streambeamforming vectors may be orthogonal only to the effective,post-receive-side beamforming channels.

Since the number of data streams transmitted to a legitimate STA istypically smaller than the number of STA receive antennas, the relaxedconstraint of being orthogonal only to the effective channels enables alarger number of jamming streams during payload transmission, andtherefore increased security.

In the embodiments described above, AP 24 modifies the number of jammingstreams and/or the beamforming vectors of the jamming streams fordifferent parts of the data transmission. In alternative embodiments,the AP may modify any other suitable configuration of the jammingstreams.

For example, the power of the jamming streams (or the ratio α definedabove) may be set to different values during different parts of atransmission (e.g., packet). In accordance with the IEEE 802.11n/acstandard, the SIGNAL field should be transmitted at the lowest possibleMCS of the standard. Consequently, the SIGNAL field may be moresusceptible to eavesdropping. Thus, in some embodiments, the jammingstream power (or the value of α) is increased during the SIGNAL filed.

FIG. 6 is a flow chart that schematically illustrates a method forphysical-layer security, in accordance with an embodiment of the presentinvention. The method begins with AP 24 defining different jammingstream configuration for different respective packet parts, at adefinition step 140. The AP transmits a valuable data packet using oneor more streams, and simultaneously transmits one or more jammingstreams, at a stream transmission step 144. In transmitting the jammingstreams, the AP alternates between the jamming stream configurationsdefined for the respective packet parts.

Since in some embodiments security is achieved by using jammingbeamforming vectors that are only constrained to be orthogonal to theeffective channel of the legitimate receivers, there may existeavesdropper locations for which the jamming streams are received atlower power than the data streams. At these locations, if the channel isstatic (i.e., changes slowly over time) the eavesdropper may be able todecode the data streams constantly.

To overcome this problem, in some embodiments a legitimate receiverdeliberately changes its RX beamforming vectors over time in order toforce variations in the effective channel. While this method maysomewhat degrade the achievable data rate of the legitimate receiver, itintroduces a significant enhancement in security. Consider, for example,the transmission of a single data stream to a single multiple-antennalegitimate receiver. The legitimate receiver may switch between RXbeamforming to the strongest and the second strongest eigenmode, and thejamming beamforming vectors will change accordingly, following thechanges in the effective single-RX antenna channel. The AP may beinformed of the effective channel by explicit feedback from thelegitimate receiver, which reports on the effective channel (includingthe RX beamforming) instead of the physical channel.

Beamforming Vector Computation

The description that follows provides an example technique forcalculating the beamforming vectors for the jamming streams. In thedisclosed embodiments, control unit 96 of AP 24 (or sentinel 100)applies this scheme under the assumption that the jamming streambeamforming vectors are to cause zero interference to the legitimateSTAs. In other words, as noted above, the beamforming vectors of thejamming streams are constrained to be orthogonal to the rows of H_(U).

In order to calculate the beamforming vectors of the jamming streams,unit 96 of AP 24 calculates an orthonormal basis for the vector subspaceker(H_(U))={x|H_(U)x=0}, a subspace that is orthogonal to the aggregatechannel matrix H_(U). (For the sake of clarity, the description refersto jamming stream beamforming vectors that are orthogonal to thephysical channels of the legitimate STA antennas. The disclosedtechnique can be used in a similar manner to calculate jamming streambeamforming vectors that are orthogonal to the effective channelsfollowing receive-side beamforming at the STAs.)

In one embodiment, AP 24 finds the orthonormal basis using LQfactorization of H_(U). In such a process H_(U) is written as H_(U)=L·Q,wherein Q is a unitary matrix QεC^(N×N), and L is a lower-triangularmatrix LεC^(N) ^(U) ^(×N). Assuming that H_(U) is of full rank, theconjugate transpose of the last N-N_(U) rows of Q may serve as thedesired orthonormal basis.

Alternatively, AP 24 may produce the LQ factorization of H_(U) by QRfactorization of H_(U)*. In this process, H_(U)* is written asH_(U)*=Q·R, yielding H_(U)=R*Q* The AP produces the desired basis forker(H_(U)) by taking the last N-N_(U) columns of matrix Q in the QRfactorization of H_(U)*. AP 24 may perform the QR factorization usingany suitable method. Examples of known methods that can be used for thispurpose comprise the Householder method and the Givens rotations.

In some embodiments, for all k, the k-th legitimate STA 28 performs aSingular Value Decomposition (SVD) of its channel matrix H_(k) to obtainH_(k)=U_(k)·D_(k)·V_(k)* (with U_(k), D_(k)εC^(n) ^(k) ^(×n) ^(k) andV_(k)*εC^(n) ^(k) ^(×N), where ( )* denotes matrix conjugation andtransposition), U_(k) and V_(k) have orthonormal columns, and D_(k) isdiagonal), and sends the AP only V_(k). If H_(k) is full rank for all k(i.e., no zeros on the main diagonals of all matrices D_(k)), then

${\ker \left( H_{U} \right)} = {{\ker \begin{pmatrix}{U_{1}D_{1}V_{1}^{*}} \\{U_{2}D_{2}V_{2}^{*}} \\\vdots \\{U_{K}D_{K}V_{K}^{*}}\end{pmatrix}} = {\ker \begin{pmatrix}V_{1}^{*} \\V_{2}^{*} \\\vdots \\V_{K}^{*}\end{pmatrix}}}$

Therefore, in embodiments where all V_(k) are available instead ofH_(U), the AP may derive the orthonormal basis using the above methodfrom (V₁|V₂ . . . |V_(K))* instead of from H_(U).

FIG. 7 is a flow chart that schematically illustrates a method forcalculating jamming stream beamforming vectors, in accordance with anembodiment of the present invention. The method begins with AP 24determining the aggregated channel matrix H_(U), at a channel estimationstep 150. The AP then determines the matrix Q of the QR factorizationH_(U)*=Q·R, at a Q determination step 154.

AP 24 forms an orthonormal basis for ker(H_(U)) by taking the lastN-N_(U) rows of Q, at a basis formation step 158. The AP then calculatesthe beamforming vectors for the jamming streams using the orthonormalbasis, at a jamming vector calculation step 162. Typically, the AP willuse the maximum possible number of jamming streams (that is, N-N_(U)jamming streams). In general, however, the number N_(d) of jammingstreams may be smaller than N-N_(U), and so in some cases the AP willonly have to calculate less than N-N_(U) beamforming vectors for thejamming streams.

Physical-Layer Security Using Implicit Channel Feedback

In the embodiments described above, AP 24 configures the parameters ofthe data streams and jamming streams (e.g., power levels, beamformingvectors, number of jamming streams and activation times for jammingstreams) based on the estimated communication channels between the APand the legitimate STAs. The AP typically receives from the legitimateSTAs explicit feedback (e.g., CSI) regarding the channels from the AP,and uses the explicit feedback for configuring the data and jammingstreams. In IEEE 802.11n systems, for example, the explicit feedback maycomprise the actual channel matrices as measured by the STAs.

In some scenarios, however, the explicit feedback transmitted by theSTAs may be used by eavesdropping receiver 32 to mitigate thephysical-layer security techniques described herein. For example, theeavesdropper may intercept the explicit feedback transmissions from theSTAs, reconstruct the aggregate channel matrix H_(U), and use thereconstructed channel matrix to cancel the effect of the jammingstreams.

In some embodiments, control unit 96 in AP 24 assumes that the channelsbetween the AP and the legitimate STAs are reciprocal, i.e., that thechannel from a given AP antenna to a given STA antenna is substantiallythe same as (or is otherwise indicative of) the channel in the oppositedirection. Under this assumption, the AP can receive uplink signals(e.g., sounding frames carrying training signals) from the legitimateSTAs, and learn the downlink channel responses from the received uplinksignals. This form of channel estimation is referred to as implicitfeedback.

When system 20 uses implicit feedback, no channel feedback istransmitted over the air. Thus, eavesdropper can only obtain the channelresponses from the legitimate STAs to the eavesdropper (which areusually of no value) and not the channel responses between the AP andthe STAs. AP 24 may implement any of the physical-layer securitydescribed herein using implicit feedback.

FIG. 8 is a flow chart that schematically illustrates a method forphysical-layer security using implicit feedback, in accordance with anembodiment of the present invention. The method begins with AP 24receiving training signals over the uplink from legitimate STAs 28, atan uplink reception step 170. AP 24 estimates the downlink channelresponses, from the AP to the legitimate STAs, based on the trainingsignals received over the uplink, at a channel estimation step 174.

The AP configures one or more data streams and/or one or more jammingstreams based on the estimated downlink channel responses, at a streamconfiguration step 178. Any suitable parameter of the data streamsand/or jamming streams may be configured based on the implicit feedback,such as power levels, beamforming vectors, number of jamming streams andactivation times for jamming streams in accordance with the methodsdescribed above.

In some embodiments, when using implicit feedback, AP 24 instructs thelegitimate STAs to transmit sufficient uplink signals that enable the APto learn the full channel matrices between the STAs and the AP. In otherwords, AP 24 instructs the legitimate STAs to transmit training signalsthat provide channel information relating to all receive antennas of thelegitimate STAs. For example, the AP may instruct the legitimate STAs totransmit training signals via all their antennas.

In some embodiments, AP 24 instructs a legitimate STA 28 to disable oneor more of its reception chains (i.e., one or more receive antennas andassociated receiver or processing circuitry) when using thephysical-layer security schemes described herein with implicit feedback.This feature is useful in a number of scenarios.

For example, in some embodiments the legitimate STA comprises morereceive chains (and respective receive antennas) than transmit chains(and respective transmit antennas). In such a case, even if the STAtransmits uplink training signals via all the transmit antennas, the APwill not be able to deduce the full downlink channel matrix from thesesignals. Disabling one or more of the receive chains in the STA (e.g.,leaving only those receive chains that have corresponding transmitchains) enables the system to overcome this limitation. As anotherexample, disabling one or more of the STA receive chains will typicallyincrease the maximum possible number of jamming streams, therebyincreasing the possible security level.

Selective Application of Secure Transmission

In some embodiments, control unit 96 holds a definition of two or moretransmission modes having different levels of physical-layer security,i.e., different levels of preventing eavesdropping receivers fromdecoding data streams. Unit 96 selects the appropriate transmission modefor transmitting a given data stream by evaluating a certain selectioncriterion. Several example criteria are described further below.

This sort of multi-mode operation enables the system to offer varyinglevels of physical-layer security to different STAs. Moreover, thistechnique improves the system performance, since it reduces thecommunication overhead and performance degradation that is associatedwith transmission of the jamming streams.

In some embodiments, the transmission modes comprise a secure mode and anormal mode. In the secure mode the AP (or sentinel) transmits the datastream simultaneously with one or more jamming streams, using any of themethods described herein. In the normal mode, the data stream istransmitted without jamming streams.

In some embodiments, the transmission configuration of the data streamdiffers between the normal and secure modes. In one embodiment, unit 96selects the MCS (and thus the data rate) for the data stream usingdifferent rules in the two modes. Generally, higher-rate MCSs provide ahigher degree of security, since they require a higher SNR at theeavesdropping receiver for successful decoding. Thus, in someembodiments, unit 96 applies a more aggressive MCS selection rule in thesecure mode, in comparison with the normal mode.

Consider, for example, a rule that selects the MCS such that the PacketError Rate (PER) is below some maximum allowed threshold t. In thisembodiment, unit 96 may set t to a higher value in the secure mode andto a lower value in the normal mode. This setting enables highersecurity in the secure mode, at the possible expense of poorer receptionat the legitimate STA.

In alternative embodiments, unit 96 causes the AP (or sentinel) totransmit channel sounding signals more frequently in the secure mode, incomparison with the normal mode. Typically, the AP selects beamformingvectors for the jamming streams based on channel feedback from thelegitimate STAs. The STAs typically learn the channel by performingmeasurements on channel sounding signals that they receive from the AP.

Therefore, transmitting channel sounding signals more frequentlyincreases the accuracy of the jamming stream beamforming vectors,especially when the channel varies over time. In an embodiment, the APtransmits channel sounding signals more frequently in the secure mode,in order to maintain the accuracy of the jamming stream beamforming.

In some embodiments, unit 96 selects the appropriate transmission modedepending on the Serving Set ID (SSID) with which the legitimate STA isassociated. In these embodiments, the AP supports operation in multipleSSIDs. The AP associates each legitimate STA with one of the supportedSSIDs, and transmits to each legitimate STA using a transmission modethat corresponds to this SSID. This technique enables the AP to providevarying levels of physical-layer security to different STAs.

In some embodiments, transmissions in one SSID are performed in a securemode, i.e., with jamming streams, while transmission in another SSID isperformed without any jamming streams. In other embodiments, in one SSIDone subset of the frames (e.g., all the frames) are protected by jammingstreams, while in another SSID a different subset of the frames isprotected by jamming streams.

In some embodiments, the AP associates one or more STAs that requirehigh-level physical-layer security with a given SSID, and protects allframes (including multicast and broadcast frames) in this SSID withjamming streams. In other SSIDs the multicast and broadcast frames arenot protected. This technique enables the AP to prevent even legitimateSTAs outside the given SSID from decoding the data streams addressed tothe STAs in this SSID.

In various embodiments, transmission mode selection may be initiated bythe AP or sentinel (or management application that control either ofthem), or by the STA. In some embodiments, frames that are to beprotected by jamming streams are tagged, and the AP transmits jammingstreams selectively—to protect only the tagged frames.

FIG. 9 is a flow chart that schematically illustrates a method forphysical-layer security, in accordance with an embodiment of the presentinvention. The method begins with tagging frames that are intended forsecure transmission, at a tagging step 180. Tagging of this sort can beperformed, for example, by the AP, by a management application or by anyother suitable entity.

When preparing to transmit a certain frame in a data stream, unit 96 inthe AP checks whether the frame is tagged, at a frame checking step 184.If the frame is not tagged, as checked at a checking step 188, the APtransmits the frame using the normal transmission mode, at a normaltransmission step 192. If, on the other hand, step 188 indicates thatthe frame is tagged, the AP transmits the frame using the securetransmission mode, at a secure transmission step 196. The method thenloops back to step 184 above for processing the next frame.

In yet another embodiment, tagging of frames may depend on the AccessCategory (AC) mechanism of the IEEE 802.11n/ac standard (or a similarmechanism in other standards). For example, packets with the highest ACmay be considered as tagged. In an alternative embodiment, the MCSsubset for security, as well as the jamming stream power fraction, α,may depend on the AC, thus providing different levels of security fordifferent ACs.

In some embodiments, the legitimate STA sends signaling requests to theAP, requesting to protect particular data streams or frames. Theserequests may signal the AP to start or stop transmission of jammingstreams, or they may use any other suitable protocol. This mechanismenables an end-user application in the STA to select between secure andnormal transmissions, e.g., in order to protect sensitive transactions.

Selective STA Configuration During Secure and Normal Transmission

As noted above, in order to apply effective physical-layer security, AP24 should have complete channel information to all STA antennas. Invarious scenarios, it may not be possible for the AP to obtain completeCSI:

-   -   The AP performs single-user explicit beamforming channel        sounding for the full dimensions of the channel (number of STA        antennas), as defined in the IEEE 802.11n and IEEE 802.11ac        standards, but the STA decides to return only a subset of the        channel matrix.    -   The STA has more receive antennas than the number of supported        spatial streams. For example, 2T3R STA (with two transmit        antennas and three receive antennas) supporting 2SS (two spatial        streams). In this case, in the IEEE 802.11n standard, the AP can        sound only for a maximum dimension equal to the number of        supported spatial streams. Moreover, the AP is typically unaware        of the existence of the extra receive antennas.    -   The STA has more receive antennas than transmit antennas, and        the AP uses implicit beamforming for estimating the channel for        physical-layer security.    -   The STA uses an antenna selection/switching scheme in which        different antennas are used for reception and transmission, and        the AP uses implicit beamforming.

In some embodiments, the last three scenarios can be mitigated byinstructing the STA to use the same set of antennas for transmission andreception when communicating in the secure transmission mode. Forexample, in the 2T3R STA that supports 2SS, the third receive antennacan be disabled in the secure transmission mode. The disabling operationmay be controlled by either the AP or the STA upon entering the securetransmission mode. When the disabling is controlled by the AP, aprotocol is typically defined between the AP and the STA for controllingthis feature in the STA. In some embodiments, the first scenario abovecan be mitigated by forcing the STA to return its full channel matrix.The control over this option can be performed by the STA or by the AP.

These STA control functions above are applicable to systems in whichphysical-layer security is performed by an AP (e.g., FIG. 1) or by asentinel device (e.g., FIG. 3). When using a sentinel device, the STAmay be forced to reply to the sounding requests of the sentinel device.In another embodiment, the sentinel device may impersonate the AP andsend the sounding request as if it is transmitted from the AP, e.g.,using the proper SSID and data encryption for the STA. In theseembodiments the STA would treat the channel sounding request as if it istransmitted by the AP and would therefore reply. In theseimplementations, the sentinel may be coordinated with the AP, e.g.,receive the AP parameters to enable it to impersonate the AP.

Another scenario in which non-standard STA configuration in the securetransmission mode is useful is when the AP or sentinel needs to employexplicit beamforming, but the STA has not yet enabled its explicitsounding feedback mechanism. One such scenario occurs in the IEEE802.11n/ac standards, when the STA has not associated to the AP. In thiscase, a conventional STA may not respond to sounding requests, and so toenable physical-layer security, the STA must be configured to supportsounding even before association. It should be noted thatpre-association transactions are typically not encrypted, and thereforethere is particular value in employing physical-layer security methodsat this stage.

FIG. 10 is a flow chart that schematically illustrates a method forphysical-layer security, in accordance with an embodiment of the presentinvention. The method begins with the AP or STA checking whethertransmission is conducted using the secure or normal transmission mode,at a mode checking step 200. If transmission is conducted using thesecure transmission mode, the STA is forced to disable one or more ofits receive antennas (and associated receive chain), and/or to feedbackits full channel matrix, at a STA configuration step 204. Otherwise, theSTA configuration is skipped.

Selective Triggering of Sentinel Device

In some embodiments, sentinel device 100 of FIG. 3 attempts to interceptdata transmissions that should be protected with one or more jammingstreams. One possible way to identify a data transmission is to decodethe receiver and/or sender address in the Medium Access Control (MAC)header of the frame. In this mode of operation (aspects of which aredescribed, for example, in U.S. Pat. No. 7,751,353, cited above) thesentinel decodes the MAC addresses in the header. When the sentinelidentifies an address that should be secured, it switches from receptionto transmission and starts transmitting one or more jamming streams thatare orthogonal to the destination of the frames.

This approach, however, is sub-optimal, for example since the MAC headeris not protected by CRC and may therefore be unreliable. Moreover, thejamming streams protect only the data portion of the frame and not thepreamble (since the preamble precedes the MAC header). It can be shownthat physical-layer security is enhanced when parts of the preamble arealso protected by the jamming streams.

In some embodiments, sentinel 100 identifies the frames to be protectedby detecting the exchange of Request-To-Send/Clear-To-Send (RTS/CTS)messages that precedes the frames in question, from which the identityof the target STA intended to receive the data stream is recognizable.The sentinel can then provide security to all frames (downlink oruplink) that are exchanged during the transaction (TXOP) in which thedetected RTS/CTS took place. In these embodiments, the sentinel cantransmit the jamming streams starting from the preamble, since it has noneed to intercept the address in the MAC header of each frame.

In an alternative embodiment, the sender of the frames can becoordinated with the sentinel and notify it in advance that certainframes should be protected (e.g. the frames that immediately follow thenotification). The coordination can be done over the air or using anyother suitable means.

It will be appreciated that the embodiments described above are cited byway of example, and that the present invention is not limited to whathas been particularly shown and described hereinabove. Rather, the scopeof the present invention includes both combinations and sub-combinationsof the various features described hereinabove, as well as variations andmodifications thereof which would occur to persons skilled in the artupon reading the foregoing description and which are not disclosed inthe prior art. Documents incorporated by reference in the present patentapplication are to be considered an integral part of the applicationexcept that to the extent any terms are defined in these incorporateddocuments in a manner that conflicts with the definitions madeexplicitly or implicitly in the present specification, only thedefinitions in the present specification should be considered.

1. A method for communication, comprising: in a transmitter thattransmits one or more data streams to respective target receivers andone or more jamming streams for preventing the data streams from beingdecoded by eavesdropping receivers, holding a definition of at leastfirst and second transmission modes having respective, different firstand second levels of security in preventing the data streams from beingdecoded by the eavesdropping receivers; selecting one of the first andsecond transmission modes for transmitting a data stream to a targetreceiver by evaluating a selection criterion; and transmitting the datastream and the jamming streams via an antenna array using the selectedtransmission mode.
 2. The method according to claim 1, whereintransmitting the data stream using the first transmission mode comprisestransmitting at least one jamming stream simultaneously with the datastream, and wherein transmitting the data stream using the secondtransmission mode comprises transmitting the data stream whileinhibiting transmission of the jamming streams.
 3. The method accordingto claim 1, wherein selecting the transmission mode comprises selectinga data rate for the data stream using a first rule, and whereintransmitting the data stream using the second transmission modecomprises selecting the data rate using a second rule, different fromthe first rule.
 4. The method according to claim 1, wherein transmittingthe data stream using the first transmission mode comprises transmittingchannel sounding signals at first time intervals, and whereintransmitting the data stream using the second transmission modecomprises transmitting the channel sounding signals at second timeintervals, more frequent than the first intervals.
 5. The methodaccording to claim 1, wherein selecting the transmission mode comprisesinstructing the target receiver to respond to sounding requests prior toassociation with any transmitter while operating in the firsttransmission mode, and to respond to sounding requests only after theassociation while operating in the second transmission mode.
 6. Themethod according to claim 1, wherein evaluating the selection criterioncomprises choosing between the first and second transmission modedepending on a Service Set ID (SSID) with which the target receiver isassociated.
 7. The method according to claim 1, wherein transmitting thedata stream using the first transmission mode comprises transmitting ajamming stream during a first subset of frames of the data stream, andwherein transmitting the data stream using the second transmission modecomprises transmitting the jamming stream during a second subset of theframes of the data stream, different from the first subset.
 8. Themethod according to claim 1, wherein selecting the transmission modecomprises receiving a request from the target receiver to select the oneof the first and second transmission modes, and choosing thetransmission mode in response to the request.
 9. The method according toclaim 1, wherein selecting the transmission mode comprises instructingthe target receiver to disable one or more receive chains in the targetreceiver when operating in the first transmission mode, and to enablethe one or more receive chains when operating in the second transmissionmode.
 10. The method according to claim 1, wherein selecting thetransmission mode comprises instructing the target receiver to transmit,when operating in the first transmission mode, channel feedback that isindicative of all receive antennas of the target receiver.
 11. Themethod according to claim 1, wherein selecting the transmission modecomprises extracting from the data stream a tag that indicates arequested transmission mode, and selecting the transmission moderesponsively to the tag.
 12. The method according to claim 1, whereinselecting the transmission mode comprises detecting an exchange ofRequest-To-Send/Clear-To-Send (RTS/CTS) messages that precedes the datastream, from which an identity of a target receiver intended to receivethe data stream is recognizable, and initiating the transmission modebased on the detected RTS/CTS messages.
 13. A communication apparatus,comprising: transmission circuitry, which is configured to transmit datastreams to target receivers and jamming streams for preventing the datastreams from being decoded by eavesdropping receivers; and a controlunit, which is configured to hold a definition of at least first andsecond transmission modes having respective, different first and secondlevels of security in preventing the data streams from being decoded bythe eavesdropping receivers, to select one of the first and secondtransmission modes for transmitting a data stream to a target receiverby evaluating a selection criterion, and to control the transmissioncircuitry to transmit the data stream and the jamming streams via anantenna array using the selected transmission mode.
 14. The apparatusaccording to claim 13, wherein the control unit is configured to controlthe transmission circuitry to transmit at least one jamming streamsimultaneously with the data stream in the first transmission mode, andto transmit the data stream while inhibiting transmission of the jammingstreams in the second transmission mode.
 15. The apparatus according toclaim 13, wherein the control unit is configured to select a data ratefor the data stream using a first rule in the first transmission mode,and to select the data rate using a second rule, different from thefirst rule, in the second transmission mode.
 16. The apparatus accordingto claim 13, wherein the control unit is configured to control thetransmission circuitry to transmit channel sounding signals at firsttime intervals in the first transmission mode, and to transmit thechannel sounding signals at second time intervals, more frequent thanthe first intervals, in the second transmission mode.
 17. The apparatusaccording to claim 13, wherein the control unit is configured toinstruct the target receiver to respond to sounding requests prior toassociation with any transmitter while operating in the firsttransmission mode, and to respond to sounding requests only after theassociation while operating in the second transmission mode.
 18. Theapparatus according to claim 13, wherein the control unit is configuredto choose between the first and second transmission mode depending on aBasic Service Set ID (SSID) with which the target receiver isassociated.
 19. The apparatus according to claim 13, wherein the controlunit is configured to control the transmission circuitry to transmit ajamming stream during a first subset of frames of the data stream in thefirst transmission mode, and to transmit the jamming stream during asecond subset of the frames of the data stream, different from the firstsubset, in the second transmission mode.
 20. The apparatus according toclaim 13, wherein the control unit is configured to receive a requestfrom the target receiver to select the one of the first and secondtransmission modes, and to choose the transmission mode in response tothe request.
 21. The apparatus according to claim 13, wherein thecontrol unit is configured to instruct the target receiver to disableone or more receive chains in the target receiver when operating in thefirst transmission mode, and to enable the one or more receive chainswhen operating in the second transmission mode.
 22. The apparatusaccording to claim 13, wherein the control unit is configured toinstruct the target receiver to transmit, when operating in the firsttransmission mode, channel feedback that is indicative of all receiveantennas of the target receiver.
 23. The apparatus according to claim13, wherein the control unit is configured to extract from the datastream a tag that indicates a requested transmission mode, and to selectthe transmission mode responsively to the tag.
 24. The apparatusaccording to claim 13, wherein the control unit is configured to detectan exchange of Request-To-Send/Clear-To-Send (RTS/CTS) messages thatprecedes the data stream, from which an identity of a target receiverintended to receive the data stream is recognizable, and to initiate theselected transmission mode based on the detected RTS/CTS messages.